Very few people will be surprised to hear The Shadow Brokers have returned in full force. Although their monthly subscription service in exchange for ZCash is doing quite well, they still release new exploits now and then. Their latest offering comes in the form of United Rake. This is yet another tool allegedly belonging to the NSA, and it packs quite a bit of functionality.

United Rake Exploit Spotted in the Wild

Most people have come to know The Shadow Brokers as a hacker collective that successfully infiltrated the NSA and took some of its goodies. Over the past year or so, we have seen most of these exploits released to the public. More powerful tools remain part of the collective’s monthly subscription service, which has been operational for nearly three months now. If certain tools could earn them money, they would much rather take that option.

There were some interesting recent changes made by The Shadow Brokers. Instead of doing just one dump of exploits each month, they are shifting things into a higher gear. There will now be two dumps per month, which can still only be paid in ZCash. Their PDF file clearly states that they have no interest in Monero, which is pretty interesting. All of the previously issued dumps are now available for purchase as well, should someone want to see what those are all about.

The August software is called United Rake, and it is quite a powerful tool. It is a “fully extensible remote collection system.” As one would come to expect, it is designed for the world’s most popular operating system, which is still Microsoft Windows. As is the case with every exploit unveiled by The Shadow Brokers, the release comes with its own detailed manual, allegedly created by and distributed to NSA staffers at some point.

United Rake is worrisome to say the least. It can best be described as a system containing implants and the infrastructure to operate remote implants. It does not even require much operator interaction, which is beneficial to the NSA or anyone else looking to take advantage of this tool in the near future. Knowing that the NSA has such an exploit in the first place is a scary thought, even though it is not necessarily the worst thing it has created over the years. Every single one of its exploits has proven to be quite powerful and intrusive.

The United Rake toolkit is particularly powerful in the sense that it offers a lot of integration opportunities. There have been several exploits discovered over the past few years, some of which date back to early 2014. These toolkits and plugins have been used successfully to collect and extract information which was then sent back to the interested party in question. There have also been a few reports over the years referring to United Rake as a tool often used in attacks on nation-states. It is no surprise why the NSA allegedly developed it, since it can seemingly do quite a few things.

Other tools unveiled by The Shadow Brokers include FOXACID, a tool which seemingly can be used in conjunction with United Rake. Although FOXACID has been a well-known threat for a few years now, it can still be actively used to de-anonymize Tor users. No one knows for sure if people are still using this plugin, either through the United Rake toolkit or otherwise. We will surely see more of these tools being unveiled in the months and years to come.